Water and Wastewater

Cyber Secure-Gateway for Water Systems

The productivity of nations and the well-being of people worldwide depend on the availability of fresh and potable water. Yet, it is often the case that Supervisory Control and Data Acquisition (SCADA) solutions for water control are not granted adequate attention and resources. Consequently, many water infrastructure systems suffer from undetected leakage and inaccurate consumption metering, as well as unaccounted-for water (UFW) and financial losses.

While legacy water distribution control systems used to rely on public networks and proprietary data communication protocols, modern systems rely mainly on IP communication, over cooper, fiber optic and wireless media. Data communications in water systems may utilize a range of industry-standard protocols such as MODBUS.

In recent years, critical infrastructures of all kinds have become a target for cyber-attacks by hostile organizations and governments. Since water sites, which are typically unmanned, are spread across wide geographical areas, they should be considered a prime target for cyber-attacks, committed either by an insider who had gained unauthorized access to a site, or from outside the site via the operational network.

The 3180 is optimized to serve in remote water sites with its variety of communication interfaces and its rich security feature-set, all contained in a compact ruggedized chassis. Case in point is what happens during maintenance, which is, according to most security experts, one of the greatest vulnerability points. Maintenance processes require access to specific parts of the network, however many operators lack the ability to enforce such limited access to specific network segments or locations.

The Radiflow 3180 provides the operator the ability to manage complex maintenance operations using Authentication Proxy Access (APA), which enables the operator to intuitively define work orders per technician for a specific device within one of the subnets and for a limited time-slot.

The 3180 includes a Deep Packet Inspection (DPI) firewall to filter the unauthorized traffic in the operational technology (OT) network. This allows the operator to control the entire process and reduce cyber threats and humans errors. At the end of the maintenance sessions, the APA issues an activity report.